Guides

Authentication

Suggest Edits

Obtaining Client Credentials

See the docs on obtaining credentials to provision required credentials. The provided client id and client secret will be used to retrieve an access token for authorizing requests to the Breezeway platform.

Generating Access and Refresh Tokens

To generate your access and refresh token, perform a POST call to the auth endpoint with your client credentials using an application/json content type.

curl --request POST \
     --url https://api.breezeway.io/public/auth/v1/ \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
  "client_id": "<YOUR_CLIENT_ID>",
  "client_secret": "<YOUR_CLIENT_SECRET>"
}
'

The Breezeway platform will respond with an access token and refresh token.

{
  "access_token": "<YOUR_JWT_ACCESS_TOKEN>",
  "refresh_token": "<YOUR_JWT_REFRESH_TOKEN>"
}

The tokens return are JSON Web Tokens (JWTs). Access tokens have a 24-hour lifetime and can be used to authenticate as many requests as needed during that time.

Request Authentication

To authenticate requests to the various Breezeway platform APIs, the access token must be provided in the request header Authorization and must include the scheme JWT as a prefix to the access token. Note the prefix in the following example request.

curl --request GET \
     --url https://api.breezeway.io/public/inventory/v1/property \
     --header 'Authorization: JWT <YOUR_ACCESS_TOKEN>' \
     --header 'accept: application/json'

Refreshing Access Tokens

Access tokens have a 24-hour life and must be refreshed to ensure continued authorization of requests. To refresh tokens, a POST call must be made to the refresh endpoint, using the refresh token obtained previously. As with other requests, the token must be prefixed with JWT.

curl --request POST \
     --url https://api.breezeway.io/public/auth/v1/refresh \
     --header 'Authorization: JWT <YOUR_REFRESH_TOKEN>' \
     --header 'accept: application/json'

The Breezeway platform will respond with new tokens.

{
  "access_token": "<YOUR_NEW_ACCESS_TOKEN>",
  "refresh_token": "<YOUR_NEW_REFRESH_TOKEN>"
}

Refresh tokens have a 30-day lifetime. Each call to refresh an access token provides a new refresh token. If your refresh token expires, new tokens can be generated by following the steps outlined above in Generating Access and Refresh Tokens.

Updated 16 days ago